Page 62 - SAMENA Trends - July-August 2023
Proactively set the tone at the top

Cybersecurity is a strategic activity of any organization. While most successful attacks remain manageable within organizations, a single data breach involving sensitive or personal information can ruin hard-earned customer and investor trust. The US Securities and Exchange Commission (SEC) recognized the impact a major cyberattack can have on a business and very recently issued new rules requiring all publicly traded companies in the US to release details of a cyberattack within four days of determining that it has a material impact. By placing cybersecurity at the forefront of their agenda, leaders (management and boards) demonstrate their commitment to protecting valuable assets, sensitive information, and customer trust. As pointed out in one recent Kearney article³, they should adopt a proactive approach, ensuring that cybersecurity strategies align with the evolving threat landscape and the organization's risk appetite, and that outcomes are regularly assessed using the right technical and operational performance metrics (e.g., lost manufacturing hours, lost engineering hours, lost sales hours). This involves not only investing in robust cybersecurity resources and capabilities (technological and human) but also committing their personal time to infuse and foster a robust cybersecurity-aware culture across the organization, emphasizing the shared responsibility of all stakeholders in safeguarding data and systems. CISOs (Chief Information Security Officers) have an important role to play in educating, supporting and enabling business executives to make thoughtful and meaningful cybersecurity decisions, by ensuring at a minimum that assets are identified and classified, and that executives are fully aware and informed of the associated risks.

Fix the basics

A recent study⁴ that Kearney conducted with several executives worldwide showed that approximately 50% of organizations still had a reactive approach to cybersecurity, with the basics not met. The threshold of what is considered basic is not static and depends on numerous factors such as the risk appetite, the state of technological advancement, the complexity and cost of cyberattacks, the regulatory framework or even the maturity of the organization and of the industry in which it operates. However, there are some basic umbrella measures that we recommend having in place during the digital transformation:

• Ensure security is by design and by default: Organizations should ensure security is by design during project and system design (e.g., implementing DevSecOps practices) and by default in every configuration to proactively protect against cyber threats. Many organizations are tempted to move fast in their transformation and neglect cybersecurity, leaving several loopholes that will be exploited by hackers. While policies and procedures are important to implement security by design and by default, it is mostly an organizational mindset that needs to change and evolve towards that philosophy.

• Manage supply chain risks: In recent years, it is estimated that around 50 percent of cyberattacks came from third parties⁵, with negative effects on customer churn reaching 20 percent⁶. Cybersecurity-related disruptions in the supply chain have cost businesses $1 trillion in the US and Europe alone. Good starting points to mitigate these disruptions are to conduct regular and comprehensive "value-at-risk" assessments, design disciplined vendor risk management capabilities and implement software bill of materials verification in order to identify software components and dependencies and thus address software supply chain related risks.

• Develop partnerships and collaboration: Cyber threats, especially those arising from technology, transcend geographical and organizational boundaries, necessitating a unified and cohesive approach to defense on top of individual approaches. Organizations should work with governments and international entities to foster collaboration within their relevant cyber ecosystem to enable the sharing of intelligence, best practices, and resources, and the development of standardized frameworks, regulations and approaches to collectively address emerging threats and vulnerabilities.

• Invest in the human factor: As approximately 70% of cyber-attacks are caused by human errors, a cybersecurity strategy without a comprehensive and innovative approach to cybersecurity education and awareness is incomplete and cannot yield the expected return.

Consider advanced cybersecurity techniques and technologies

After fixing the basics, organizations should move to a visionary state and consider trying different approaches that will fit the evolving threat landscape.

• Adopt zero-trust principles: Implementing a Zero Trust model is essential for bolstering cybersecurity and can safeguard critical assets, as traditional perimeter defense measures prove insufficient against sophisticated threats. Zero Trust operates on a "need-to-know" basis, assuming no implicit trust of users, devices, or applications, even within the organization's network